Most of my problems comes from that I didn't had a bridge !
Now I create one on HN that bridges HN eth0.21 (vlan 21 interface) to
veth21233 (VE eth0.21 interface) and things get better.
[r...@cuzco ~]# brctl addbr vzbr0
[r...@cuzco ~]# ifconfig vzbr0 up
[r...@cuzco ~]# brctl addif vzbr0 eth0.21
[r...@cuzco ~]# brctl addif vzbr0 veth21233.0
[r...@cuzco ~]# brctl show
bridge name bridge id STP enabled interfaces
vzbr0 8000.0018515796b5 no veth21233.0
eth0.21
from my VE I now can go to the internet ;-)
[r...@monitor /]# traceroute -I www.google.fr
traceroute to www.google.fr (66.249.92.104), 30 hops max, 40 byte packets
1 157.159.21.1 (157.159.21.1) 0.317 ms 0.310 ms 0.382 ms
2 r7206-01.int-evry.fr (157.159.8.1) 0.387 ms 0.384 ms 0.496 ms
...
I still have to find how to make that manual config permanent (at boot
up) ...
and I also wonder if I will have to create a bridge for each and every
vlan my HN will host, ie an other vzbr0.10 for bridge between HN eth0.10
and my VEs on vlan10 , and others one vzbr0.X for VEs on vlan X ... or
can I share a single vzbr0 bridge interface for each vlan ?
Thanks .
jehan procaccia a écrit :
I still cannot run vlan on my VEs :-(
as I cannot find a easy way with venet , I am now trying with veth.
I follow docs:
http://wiki.openvz.org/VLAN and
http://wiki.openvz.org/Virtual_Ethernet_device
regarding 1st doc, I set from the HN a veth in vlan 21 for my VE (21233)
[r...@cuzco ~]# vzctl set 21233 --netif_add eth0.21 --save
Configure veth devices: veth21233.0
Saved parameters for CT 21233
I also already do have a eth0.21 interface on the HN for vlan21
[r...@cuzco ~]# ifconfig eth0.21
eth0.21 Link encap:Ethernet HWaddr B8:AC:6F:83:CC:9E
adr inet6: fe80::baac:6fff:fe83:cc9e/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:904736 errors:0 dropped:0 overruns:0 frame:0
TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:77972548 (74.3 MiB) TX bytes:3820 (3.7 KiB)
I hope/supose there's no conflict name between eth0.21 on HN an
eth0.21 on VE !?
anyway, on the HN I correctly ping vlan21 router
[r...@cuzco ~]# ping 157.159.21.1
PING 157.159.21.1 (157.159.21.1) 56(84) bytes of data.
64 bytes from 157.159.21.1: icmp_seq=1 ttl=255 time=0.771 ms
On VE I manually configure network:
[r...@monitor /]# ifconfig eth0.21 0
[r...@monitor /]# ip addr add 157.159.21.233/24 dev eth0.21
[r...@monitor /]# ip route add default dev eth0.21
it ping itself:
[r...@monitor /]# ping 157.159.21.233
PING 157.159.21.233 (157.159.21.233) 56(84) bytes of data.
64 bytes from 157.159.21.233: icmp_seq=1 ttl=64 time=0.020 ms
but not the router on vlan 21 :-( :
[r...@monitor /]# ping 157.159.21.1
PING 157.159.21.1 (157.159.21.1) 56(84) bytes of data.
From 157.159.21.233 icmp_seq=2 Destination Host Unreachable
Did I miss something ?
is there a need to add a route for the VE on the HN ? I tried without
success
# ip route add 157.159.21.233 dev veth21233.0
RTNETLINK answers: No such device
although there is a veth21233.0 device !
[r...@cuzco network-scripts]# ifconfig veth21233.0
veth21233.0 Link encap:Ethernet HWaddr 00:18:51:AA:E8:49
adr inet6: fe80::218:51ff:feaa:e849/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:13 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:564 (564.0 b) TX bytes:0 (0.0 b)
I saw lot of post about creating bridges ... do I need a bridge
something somewhere ?
please help .
Thanks .
Jehan PROCACCIA a écrit :
After all, I am wondering if it possible to run multiple vlan with
venet ?
should I consider using veth instead of venet ?
I wanted to run it on venet because it prevent me to find a Mac
address for each of my VEs , but if it's impossible, I might consider
using veth. Any pros and cons between veth/venet for vlan use ?
for documentation on this subject I only found one based on veth:
http://wiki.openvz.org/VLAN
http://ckdake.com/content/2008/vlans-in-openvz.html
http://en.gentoo-wiki.com/wiki/OpenVZ_VLAN
any others ?
Thanks .
Le 15/07/2010 18:15, Jehan PROCACCIA a écrit :
hello
I created 2 VEs on HN that are on different vlans
HN is on "native" vlan 22, VE1 is on vlan 10 and VE2 on vlan 21
[r...@cuzco ~]# vzlist -a
CTID NPROC STATUS IP_ADDR HOSTNAME
101 16 running - -
10222 12 running 157.159.10.222
moodle2010.it-sudparis.eu
21233 12 running 157.159.21.233 monitor.it-sudparis.eu
my problem is that VEs cannot get out of their own vlan :-(
Example, from VE1 on vlan10 I cannot ping Vlan21 addresses (21.1
and 10.1 is the cisco switch/router that routes ip between vlans)
[r...@cuzco ~]# vzctl enter 10222
entered into CT 10222
[r...@moodle2010 /]
$ ping 157.159.10.1
PING 157.159.10.1 (157.159.10.1) 56(84) bytes of data.
64 bytes from 157.159.10.1: icmp_seq=1 ttl=254 time=0.290 ms
64 bytes from 157.159.10.1: icmp_seq=2 ttl=254 time=0.278 ms
64 bytes from 157.159.10.1: icmp_seq=3 ttl=254 time=0.294 ms
--- 157.159.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.278/0.287/0.294/0.015 ms
ping OK on it's own vlan, but not on the other one:
[r...@moodle2010 /]
$ ping 157.159.21.1
PING 157.159.21.1 (157.159.21.1) 56(84) bytes of data.
--- 157.159.21.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
did I missed somthing ?
here's some more information about network parameters:
[r...@cuzco ~]# cat /proc/net/vlan/config
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.10 | 10 | eth0
eth0.21 | 21 | eth0
[r...@cuzco ~]# cat /proc/sys/net/ipv4/ip_forward
1
[r...@cuzco ~]# ifconfig
eth0 Link encap:Ethernet HWaddr B8:AC:6F:83:CC:9E
inet adr:157.159.22.65 Bcast:157.159.22.255
Masque:255.255.255.0
eth0.10 Link encap:Ethernet HWaddr B8:AC:6F:83:CC:9E
inet adr:157.159.10.235 Bcast:157.159.10.255
Masque:255.255.255.0
eth0.21 Link encap:Ethernet HWaddr B8:AC:6F:83:CC:9E
inet adr:157.159.21.235 Bcast:157.159.21.255
Masque:255.255.255.0
lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
venet0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
[r...@cuzco ~]# netstat -nr
Table de routage IP du noyau
Destination Passerelle Genmask Indic MSS Fenêtre
irtt Iface
157.159.10.222 0.0.0.0 255.255.255.255 UH 0
0 0 venet0
157.159.21.233 0.0.0.0 255.255.255.255 UH 0
0 0 venet0
157.159.10.0 0.0.0.0 255.255.255.0 U 0
0 0 eth0.10
157.159.21.0 0.0.0.0 255.255.255.0 U 0
0 0 eth0.21
157.159.22.0 0.0.0.0 255.255.255.0 U 0
0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0
0 0 eth0.21
0.0.0.0 157.159.22.1 0.0.0.0 UG 0
0 0 eth0
[r...@cuzco ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp
type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp
dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpt:631
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW tcp dpt:22
ACCEPT udp -- 157.159.21.10 0.0.0.0/0 udp
dpt:10080
ACCEPT tcp -- 157.159.0.0/16 0.0.0.0/0 state
NEW tcp dpt:1311
ACCEPT tcp -- 157.159.10.92 0.0.0.0/0 state
NEW tcp dpt:5666
ACCEPT tcp -- 157.159.21.33 0.0.0.0/0 state
NEW tcp dpt:5666
_______________________________________________
Users mailing list
[email protected]
https://openvz.org/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
https://openvz.org/mailman/listinfo/users
